

FIG. 2





FIG. 3



FIG. 4A



FIG. 4B

Page 5 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633



FIG. 4C

Page 6 of 23 Express Mail No. EL 971197827 US

Atty. Docket: 59165-298553 Intent-Driven Functional Verification of Digital Designs Atty. of Record: Michael A. DeSanctis, 303-607-3633

FIG. 5



Page 7 of 23 Express Mail No. EL 971197827 US Atty. Docket: 59165-298553 Intent-Driven Functional Verification of Digital Designs Atty. of Record: Michael A. DeSanctis, 303-607-3633



FIG. 6A

Page 8 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633







FIG. 8

Page 11 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633

```
1.
        define DEFAULT_MAX_ACCESS_TIME 1'b1
3.
        module main(clk, reset,
4.
                   dataA, clientRequestA, jobCompleteA, clientGrantA,
                   dataB, clientRequestB, jobCompleteB, clientGrantB,
6.
                   dataC, clientRequestC, jobCompleteC, clientGrantC,
7.
                   memoryData);
8.
                                  clk, reset:
9.
                   input
                                  dataA, dataB, dataC;
10.
                   input [0:0]
11.
                   input
                                  clientRequestA, clientRequestB, clientRequestC;
12.
                   input
                                  jobCompleteA, jobCompleteB, jobCompleteC;
13.
                   output
                                  clientGrantA, clientGrantB, clientGrantC;
14.
                   output [0:0]
                                  memoryData;
15.
16.
                   wire [0:0]
                                  dataOutA, dataOutB, dataOutC;
17.
                   // Put sentries at the boundary signals and make them active constantly.
18.
19.
20.
                   // vx sentry dataA, dataB, dataC:clk;
21.
                   // vx always activate(dataA,dataB,dataC);
22.
23.
                   // Create three instances of the bus interface
24.
25.
                   Businterface businterfaceA(clk, reset, clientRequestA, JobCompleteA,
26.
                          dataA, dataOutA, requestA, grantA,
27.
                          clientGrantA);
28.
29.
                   Businterface businterfaceB(clk, reset, clientRequestB, jobCompleteB,
30.
                          dataB, dataOutB, requestB, grantB,
31.
                          clientGrantB);
32.
33.
                   Businterface businterfaceC(clk, reset, clientRequestC, JobCompleteC,
34.
                          dataC, dataOutC, requestC, grantC,
35.
                          clientGrantC);
36.
37.
                   RoundRobinArbiter arbiter(clk, reset,
38.
                          dataOutA, requestA, grantA,
                          dataOutB, requestB, grantB, dataOutC, requestC, grantC,
39.
40.
41.
                          memoryData);
42.
43.
        endmodule // main
```

```
44.
         module BusInterface(clk, reset, clientRequest, jobComplete,
45.
                  data, dataOut, request, grant, clientGrant);
46.
47.
                                     clk, reset, clientRequest, jobComplete;
                  input
48.
                  input [0:0]
                                     data;
49.
                  output [0:0]
                                     dataOut:
50.
                  // vx sentry dataOut:clk;
51.
52.
                   output
                                     request;
53.
                  input
                                     grant;
54.
                   output
                                     clientGrant;
55.
56.
                  parameter
                                     NO_REQ = 2'bOO;
57.
                   parameter
                                     REQ=2'b01;
58.
                   parameter
                                      GRANTED = 2'b10:
59.
60.
                   reg [1:0] state, nextState;
61.
                   // vx flop state;
62.
                   //assign request = ((state == REQ) || (state == GRANTED));
assign request = ((state == REQ) || ((state == GRANTED) && !jobComplete));
63.
64.
65.
                   assign dataOut = data;
66.
                   assign clientGrant = grant;
67.
68.
                   always @(state or reset or clientRequest or jobComplete or grant)
69.
                   begin
70.
                             if (reset)
71.
                            begin
72.
                                      nextState = NO_REQ;
73.
                                      // vx deactivate(dataOut);
74.
                             end
75.
                             else
76.
                             begin
77.
                                      nextState = state;
78.
                                      case (state)
79.
                                                NÓ_REQ:
80.
                                                begin
81.
                                                         // vx deactivate(dataOut);
82.
                                                         if (clientRequest) nextState = REQ;
83.
                                                end
84.
                                                REQ:
85.
                                                begin
86.
                                                         // vx assert("env1", clientRequest && !jobComplete);
87.
                                                         if (grant) nextState = GRANTED;
88.
                                                end
89.
                                                VGRANTED:
90.
                                                begin
91.
                                                         // vx activate(dataOut);
                                                         // vx assert("env2", !clientRequest);
if (jobComplete || 'grant)
nextState = NO_REQ;
92.
 93.
 94.
 95.
                                                end
 96.
                                      endcase // case(state)
 97.
                             end // else
 98.
                   end // always
 99.
 100.
                   always @(posedge clk)
 101.
                   state <= nextState:
 102.
          endmodule//BusInterface
```

```
103.
         module RoundRobinArbiter(clk, reset,
104.
                 dataA, requestA, grantA,
105.
                 dataB, requestB, grantB,
106.
                 dataC, requestC, grantC,
107.
                 writeData);
108.
109.
                 input
                                   clk, reset;
110.
                 input [0:0]
                                   dataA, dataB, dataC;
111.
                 input
                                   requestA, requestB, requestC;
                                   grantA, grantB, grantC;
112.
                 output
113.
                                   writeData;
                 output [0:0]
114.
115.
                 // vx sentry dataA, dataB, dataC: clk;
116.
117.
                 reg [0:0]
                                   watchDogTimer, nextWatchDogTimer;
118.
                 reg [2:0]
                                   state, nextState;
119.
                 // vx flop state, watchDogTimer;
120.
                 wire [0:0]
                                   maxAccessTime;
121.
122.
                  parameter
                                   idle = 3'bOOO;
123.
                  parameter
                                   ready = 3'b001;
124.
                  parameter
                                   stateA = 3'b010;
125.
                  parameter
                                   stateB = 3'b011;
126.
                 parameter
                                   stateC = 3'b100;
127.
128.
                  //next state logic
129.
                  always ©(reset or requestA or requestB or requestC or state or watchDogTimer)
130.
                  begin
131.
                         // vx deactivate(dataA,dataB,dataC);
132.
                         if (reset) begin
133.
                                   nextState= idle;
134.
                                   nextWatchDogTimer = 1 'b0;
135.
                  end
136.
                  else begin
137.
                                   next8tate= idle; // default state
138.
                                   //by default timer should increment
139.
                                   nextWatchDogTimer = watchDogTii-ner+1'bl;
```

```
140.
141.
                                  case (state)
142.
                                  idle:
143.
                                  begin
144.
                                            nextWatchDogTimer = 1'b0;
145.
                                            if (requestA || requestB || requestC) nextState = ready;
146.
                                  end
147.
                                  ready:
148.
                                  begin
149.
                                            if (requestA) nextState = stateA;
                                            else if (requestB) nextState = stateB;
150.
                                            else if (requestC) nextState = stateC;
151.
                                            else nextState = idle;
152.
153.
                                   end
154.
                                   stateA:
155.
                                   begin
156.
                                            // vx activate(dataA);
157.
                                            nextState= stateA;
158.
                                            // if request has been disabled or the max access time has
159.
                                            //reached change state.
160.
                                            if ((requestA == 1'b0) || (watchDogTimer == maxAccessTime)) begin
161.
                                                     nextWatchDogTimer = 1 'b0;
162.
                                                     if (requestB) nextState = stateB;
163.
                                                     else if (requestC) nextState = stateC;
164.
                                                     else nextState = idle:
165.
                                            end
166.
                                   end
167.
                                   stateB:
168.
                                   begin
169.
                                            // vx activate(dataB);
170.
                                            nextState= stateB;
171.
                                            if ((requestB == 1'b0) || (watchDogTimer == maxAccessTime)) begin
172.
                                                      nextWatchDogTimer = 1'b0;
173.
                                                      if (requestC) nextState= stateC;
 174.
                                                      else if (requestA) nextState= stateA;
 175.
                                                      else nextState= idle:
 176.
                                             end
 177.
                                   end
 178.
                                   stateC:
 179.
                                   begin
 180.
                                             // vx activate(dataC);
 181.
                                             nextState= stateC;
                                             if ((requestC === 1'b0) || (watchDogTimer == maxAccessTime)) begin
 182.
 183.
                                                      nextWatchDogTimer = 1'b0;
 184.
                                                      if (requestA) nextState= stateA;
 185.
                                                      else if (requestB) nextState= stateB;
 186.
                                                      else nextState^ idle;
 187.
                                             end
 188.
                                   end
 189.
                               endcase//case(state)
 190.
                        end
 191.
                  end//always
```

Page 15 of 23 Express Mail No. EL 971197827 US Atty. Docket: 59165-298553 Intent-Driven Functional Verification of Digital Designs Atty. of Record: Michael A. DeSanctis, 303-607-3633

```
192.
                   //state transition
193.
                   always @(posedge clk)
194.
                   begin
195.
                              state <= nextState;
196.
                              watchDogTimer <= nextWatchDogTimer;
197.
                   end
198.
                   //outputs
199.
                   assign grantA = (nextState == stateA);
200.
                   assign grantB = (nextState == stateB);
201.
                   assign grantC = (nextState == stateC);
                   assign writeData = (grantA ? dataA : 'DATA_WIDTH'bz);
assign writeData = (grantB ? dataB : 'DATA_WIDTH'bz);
assign writeData = (grantC ? dataC : 'DATA_WIDTH'bz);
202.
203.
204.
205.
                   assign maxAccessTime = •DEFAULT_MAX_ACCESS_TIME;
206.
                   // vx always onetrue("grant", grantA, grantB, grantC);
207.
           endmodule // RoundRobinArbiter
```

FIG. 9E

Page 16 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633

FIG. 10



Page 17 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633

FIG. 11



FIG. 12



| =======================================                                | =======                                |
|------------------------------------------------------------------------|----------------------------------------|
| Validation Results for Module "mair                                    | l"                                     |
|                                                                        |                                        |
|                                                                        |                                        |
| Functional Checks Summary                                              |                                        |
| Failed checks (FAILED)                                                 |                                        |
| Bounded failed checks (BOUNDED_FAIL)                                   |                                        |
| Inconclusive checks (INCONCLUSIVE) Secondary failed checks (SECONDARY) |                                        |
| Interface checks (INTERFACE)                                           | MANT                                   |
| Skipped checks (UNPROCESSED                                            | /DISABLED/DEFERRED)                    |
| Bounded passed checks (BOUNDE                                          |                                        |
| Passed checks (PASSED/USER P/                                          | ASSED/CONDITIONAL)                     |
| Total checks                                                           |                                        |
|                                                                        |                                        |
| ======================================                                 | <b>-</b>                               |
|                                                                        | =                                      |
| Number of inferred flops                                               | = 10                                   |
| Number of inferred latches<br>Number of static X sources               | = 0<br>= 0                             |
| Number of non-resettable flops                                         | = 0<br>= 0                             |
|                                                                        | •                                      |
| Common of failed abode by the ac-                                      | ************************************** |
| Summary of failed checks by type:                                      | <b></b>                                |
| [CA] =0 (out of 39)                                                    |                                        |
| [BE] = 1 (out of 40)                                                   |                                        |
| [AX] = 1 (out of 15)<br>[CME]=0 (out of 10)                            |                                        |
| [CV] =0 (out of 29)                                                    |                                        |
| [AC] =0 (out of 7)                                                     |                                        |
| [AAO]=0 (out of 6)                                                     |                                        |
| [AID]=0 (out of 9)                                                     |                                        |
| [LVD] = 3 (out of 9)                                                   |                                        |

FIG. 13A

Page 20 of 23
Express Mail No. EL 971197827 US
Atty. Docket: 59165-298553
Intent-Driven Functional Verification of Digital Designs
Atty. of Record: Michael A. DeSanctis, 303-607-3633

| FAILED     | E carbitar next State bit 0 AV 6                                                                                                                                                                            |
|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| PAILED     | E : arbiter.nextState_bit0_AX_6 : Enable condition for block with assignment "arbiter.nextState_bit0_AX_6" is always : Block with assignment "arbiter.nextState_bit0_AX_6" is defined on line 191 of "rr3". |
| Assignme   | xecution [AX] : 1 failed check                                                                                                                                                                              |
| FAILED     | X: arbiter.nextWatehDogTimer_bit0_AX_1 : Assignment "arbiter.nextWatchDogTimer_bit0_AX_1" only has a constant 1'b1 val : Assignment "arbiter. nextWatchDogTimer_bit0_AX_1" is defined on line 179 of "rr    |
| Loss of va | data [LVD] : 3 failed checks                                                                                                                                                                                |
| FAILED     | VD: dataA[0] : Loss of valid data has been detected on wire "dataA[0]" : Wire "dataA[0]" is defined on line 40 of "rr3.v" : VCD file is "roundRobin3/main/trace221.vcd"                                     |
| FAILED     | VD :dataB[0] : Loss of valid data has been detected on wire "dataB[0]" : Wire "dataB[0]" is defined on line 41 of "rr3.v" : VCD file is "roundRobin3/main/trace223.vcd"                                     |
|            | VD :dataC[0]                                                                                                                                                                                                |

FIG. 13B

Intent-Driven Functional Verification of Digital Designs Atty. of Record: Michael A. DeSanctis, 303-607-3633

```
66.
       67.
       Summary of bounded failed checks by type:
68.
       -----
69.
       [CA] = 0 (out of 39)
70.
       [BE] = 0 (out of 40)
71.
       [AX] = 0 (out of 15)
72.
       [CME]=0 (out of 10)
73.
       [CV] = 0 (out of 29)
74.
       [AC] = 0 (out of 7)
75.
       [AAO] = 0 (out of 6)
76.
       [AID]=0 (out of 9)
77.
       [LVD] = 0 (out of 9)
78.
79.
       80.
       Summary of inconclusive checks by type:
81.
82.
       [CA] = 0 (out of 39)
83.
       [BE] = 0 \text{ (out of 40)}
84.
       [AX] = 0 (out of 15)
85.
       [CME]=0 (out of 10)
86.
       [CV] = 0 (out of 29)
87.
       [AC] =0 (out of 7)
88.
       [AAO]=0 (out of 6)
89.
       [AID] = 0 (out of 9)
90.
       [LVD] = 3 (out of 9)
91.
92.
       Loss of valid data [LVD] 3 inconclusive checks
93.
94.
       INCONCLUSIVE LVD
                              :busInterfaceA.dataOut[0]
95.
                              : Valid data loss check on wire "busInterfaceA.dataOut[0]" did not complete
96.
                              : Wire "busInterfaceA.dataOut[0]" is defined on line 80 of "rr3.v"
97.
       INCONCLUSIVE LVD
                              :busInterfaceB.dataOut[0]
98.
                              : Valid data loss check on wire "busInterfaceB.dataOut[0]" did not complete
99.
                              : Wire "busInterfaceB.dataOut[0]" is defined on line 80 of "rr3.v"
100.
       INCONCLUSIVE LVD
                              :businterfaceC.dataOut[0]
101.
                              : Valid data loss check on wire "busInterfaceC.dataOut[0]" did not complete
102.
                              : Wire "busInterfaceC.dataOut[0]" is defined on line 80 of "rr3.v"
103.
104.
        105.
       Summary of secondary failed checks by type:
106.
107.
        [CA] = 0 (out of 39)
 108.
        [BE] =0 (out of 40)
 109.
        [AX] = 0 (out of 15)
 110.
        [CME]=0 (out of 10)
 111.
        [CV] = 0 (out of 29)
 112.
        [AC] = 0 (out of 7)
 113.
        [AAO]=0 (out of 6)
 114.
        [AID]=0 (out of 9)
 115.
        [LVD]=0 (out of 9)
```

```
116.
       Summary of interface checks by type:
117.
118.
       119.
       [CA] = 0 (out of 39)
       [BE] = 0 (out of 40)
120.
       [AX] = 0 (out of 15)
121.
122.
       [CME]=0 (out of 10)
123.
       [CV] = 0 (out of 29)
       [AC] = 6 (out of 7)
124.
       [AAO]=0 (out of 6)
125.
126.
       [AID] = 3  (out of 9)
127.
       [LVD]=3 (out of 9)
128.
129.
       Assertion correctness [AC]: 6 interface checks
130.
131.
       INTERFACE
                       AC
                                :busInterfaceA.envl
132.
                               : Correctness check on assertion "busInterfaceA.envl" is at the interface
133.
                                : Assertion "busInterfaceA.envl" is defined on line 121 of "rr3.v"
134.
       INTERFACE
                        AC
                               :businterfaceA.env2
135.
                               : Correctness check on assertion "busInterfaceA.env2" is at the interface
136.
                               : Assertion "busInterfaceA.env2" is defined on line 127 of "rr3.v"
137.
                               : Check is used by conditional checks :
138.
        AID
                                : arbiter.dataA[0]
139.
        INTERFACE
                        AC
                                :busInterfaceB.envl
140.
                                : Correctness check on assertion "busInterfaceB.envl" is at the interface
141.
                                : Assertion "busInterfaceB.envl" is defined on line 121 of "rr3.v"
142.
        INTERFACE
                        AC
                                :busInterfaceB.env2
143.
                                : Correctness check on assertion "busInterfaceB.env2" is at the interface
144.
                                : Assertion "busInterfaceB.env2" is defined on line 127 of "rr3.v"
145.
                                : Check is used by conditional checks :
146.
        AID
                                : arbiter.dataB[0]
147.
        INTERFACE
                        AC
                                :busInterfaceC.envi
                                : Correctness check on assertion "busInterfaceC.envl" is at the interface
148.
149.
                                : Assertion "busInterfaceC.envl" is defined on line 121 of "rr3.v"
150.
        INTERFACE
                        AC
                                :busInterfaceC.env2
151.
                                : Correctness check on assertion "busInterfaceC.env2" is at the interface
152.
                                : Assertion "busInterfaceC.env2" is defined on line 127 of "rr3.v"
153.
                                : Check is used by conditional checks :
154.
        AID
                                : arbiter.dataC[0]
155.
156.
        Access of invalid data [AID]: 3 interface checks
157.
158.
        INTERFACE
                        aid
                                :dataA[0]
 159.
                                : Wire "dataA[0]" has accessed invalid data from the interface
160.
                                :Wire "dataA[0]" is defined on line 40 of "rr3.v"
        INTERFACE
161.
                        AID
                                :dataB[0]
162.
                                : Wire "dataB[0]" has accessed invalid data from the interface
 163.
                                : Wire "dataB[0]" is defined on line 41 of "rr3.v"
 164.
        INTERFACE
                        AID
                                :dataC[0]
 165.
                                : Wire "dataC[0]" has accessed invalid data from the interface
 166.
                                : Wire "dataC[0]" is defined on line 42 of "rr3.v"
```

Intent-Driven Functional Verification of Digital Designs Atty. of Record: Michael A. DeSanctis, 303-607-3633

```
167.
       Loss of valid data [LVD] 3 interface checks
168.
169.
                                  :arbiter.dataA[0]
                      LVD
170.
       INTERFACE
                                  : Wire "arbiter.dataA[0]" has loss of valid data at the interface
171.
                                  : Wire "arbiter.dataA[0]" is defined on line 141 of "rr3.v"
172.
                                  :arbiter.dataB[0]
                      LVD
        INTERFACE
173.
                                  : Wire "arbiter.dataB[0]" has loss of valid data at the interface
174.
                                  : Wire "arbiter.dataB[0]" is defined on line 142 of "rr3.v"
175.
                                  :arbiter.dataC[0]
        INTERFACE
                      LVD
176.
                                  : Wire "arbiter.dataC[0]" has loss of valid data at the interface
177.
                                  : Wire "arbiter.dataC[0]" is defined on line 143 of "rr3.v"
178.
179.
        180.
        Summary of unprocessed checks by type:
181.
        182.
        [CA] = 0 (out of 39)
 183.
        [BE] = 0 (out of 40)
 184.
        [AX] = 0 (out of 15)
 185.
        [CME]=0 (out of 10)
 186.
         [CV] = 0 (out of 29)
 187.
         [AC] = 0 (out of 7)
 188.
        [AAO]=0 (out of 6)
 189.
         [AID]=0 (out of 9)
 190.
         [LVD]=0 (out of 9)
 191.
 192.
 193.
         [...]
 194.
         195.
         Summary of passed checks by type:
 196.
         197.
         [CA] = 39 (out of 39)
  198.
         [BE] = 39 \text{ (out of 40)}
  199.
         [AX] = 14 \text{ (out of 15)}
  200.
         [CME]= 10 (out of 10)
  201.
  202.
         [CV] = 29 \text{ (out of } 29)
          [AC] = 1 (out of 7)
  203.
          [AAO]=6 (out of 6)
  204.
          [AID] = 6 (out of 9)
  205.
  206.
          [LVD] = 0 (out of 9)
  207.
  208.
          [...]
  209.
          ______
  210.
          List of inferred flops
  211.
          212.
          businterfaceA.state[0]
   213.
   214.
          businterfaceA.state[1]
   215.
          businterfaceB.state[0]
   216.
          busInterfaceB.state[1]
          busInterfaceC.state[0]
   217.
           busInterfaceC.state[1]
   218.
   219.
           arbiter.state[0]
   220.
           arbiter.state[1]
   221.
           arbiter.state[2]
```

222.

arbiter.watchDogTimer[0]